Title :
Common policy language for Policy Compliance and Change Detection System in managed service in data networks
Author :
Agbariah, Saeed M.
Author_Institution :
Dept. of Electr. & Comput. Eng., George Mason Univ., Fairfax, VA, USA
Abstract :
As networks continue to grow exponentially, the need to build, maintain, and troubleshoot the growing number of heterogeneous network components has also increased significantly. Oftentimes, scheduled and ad-hoc configuration changes lead to potential configuration errors, policy violations, inefficiencies, and vulnerable states. The current network management landscape offers a variety of configuration auditing tools to reduce risks and achieve compliance. However, they mostly operate in an offline fashion and lack real-time reporting capabilities. In our previous work, we proposed an Automated Policy Compliance and Change Detection System capable of auditing configurations against internal policies or external best practices and providing centralized reporting for monitoring and regulatory purposes in real time. One of the core requirements for our proposed system is a common policy language for expressing device and organizational policies. This paper defines some of the building blocks of the proposed policy language, a common policy language that will ease the enforcement of policies across all components of the network. Furthermore, the proposed common policy language will bring numerous practical advantages, such as lowering implementation overhead, as well as the possibility to use the same or at least similar tools to maintain the policies.
Keywords :
ad hoc networks; auditing; computer network management; configuration management; ad-hoc configuration; audit configurations; automated policy compliance; change detection system; common policy language; configuration auditing tools; configuration errors; core requirements; current network management landscape; data networks; implementation overhead; internal policies; managed service; organizational policy; policy inefficiency; policy violations; scheduled configuration; vulnerable states; Monitoring; Operating systems; Real-time systems; Routing; Routing protocols; Servers; Common Policy Language; Compliance and Real-time Change Detection; Policy Management;
Conference_Title :
Networks, Computers and Communications, The 2014 International Symposium on
Conference_Location :
Hammamet
DOI :
10.1109/SNCC.2014.6866525